
Learning with Errors over Group Rings Constructed by Semi-direct Product (2311.15868v2)

Published 27 Nov 2023 in cs.CR, cs.IT, and math.IT

Abstract: The Learning with Errors (LWE) problem has been widely utilized as a foundation for numerous cryptographic tools over the years. In this study, we focus on an algebraic variant of the LWE problem called Group ring LWE (GR-LWE). We select group rings (or their direct summands) that underlie specific families of finite groups constructed by taking the semi-direct product of two cyclic groups. Unlike the Ring-LWE problem described in [1], the multiplication operation in the group rings considered here is non-commutative. As an extension of Ring-LWE, it maintains computational hardness and can be potentially applied in many cryptographic scenarios. In this paper, we present two polynomial-time quantum reductions. Firstly, we provide a quantum reduction from the worst-case shortest independent vectors problem (SIVP) in ideal lattices with polynomial approximation factor to the search version of GR-LWE. This reduction requires that the underlying group ring possesses certain mild properties. Secondly, we present another quantum reduction for two types of group rings, where the worst-case SIVP problem is directly reduced to the (average-case) decision GR-LWE problem. The pseudorandomness of GR-LWE samples guaranteed by this reduction can be consequently leveraged to construct semantically secure public-key cryptosystems.
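The abstract's key structural point is that multiplication in Z_q[G] is non-commutative when G is a semi-direct product of cyclic groups, and that GR-LWE samples are pairs (a, a*s + e) in that ring. The following added example (not code from the paper) implements that arithmetic for a small assumed instance, the dihedral group D5 = C5 ⋊ C2 with q = 257 and a bounded-uniform error, so the parameters, group and error distribution are assumptions, not the paper's.

```python
# Added example (not the paper's code): toy arithmetic in the group ring Z_q[G] for
# G = C_m x| C_n with action t x t^-1 = x^r (r^n = 1 mod m), and one GR-LWE sample.
from dataclasses import dataclass
import random

@dataclass(frozen=True)
class SemiDirectGroup:
    m: int  # order of the normal cyclic factor <x>
    n: int  # order of the acting cyclic factor <t>
    r: int  # t x t^-1 = x^r; a valid action needs r^n = 1 (mod m)

    def __post_init__(self):
        if pow(self.r, self.n, self.m) != 1:
            raise ValueError("r^n must be 1 mod m for the semi-direct product to exist")

    def mul(self, g, h):
        """(x^i t^j)(x^k t^l) = x^(i + k*r^j) t^(j+l); elements are exponent pairs (i, j)."""
        (i, j), (k, l) = g, h
        return ((i + k * pow(self.r, j, self.m)) % self.m, (j + l) % self.n)

    def elements(self):
        return [(i, j) for j in range(self.n) for i in range(self.m)]

def gr_mul(G, q, a, b):
    """Product in Z_q[G] (a, b map group elements to Z_q): convolution over G, non-commutative."""
    out = {g: 0 for g in G.elements()}
    for g, ag in a.items():
        for h, bh in b.items():
            gh = G.mul(g, h)
            out[gh] = (out[gh] + ag * bh) % q
    return out

def gr_add(G, q, a, b):
    return {g: (a.get(g, 0) + b.get(g, 0)) % q for g in G.elements()}

def gr_lwe_sample(G, q, s, rng, bound=1):
    """One GR-LWE sample (a, a*s + e): a uniform over Z_q[G]; e has coefficients in
    [-bound, bound], a constructed stand-in (the paper's error distribution is not on this page)."""
    a = {g: rng.randrange(q) for g in G.elements()}
    e = {g: rng.randint(-bound, bound) % q for g in G.elements()}
    return a, gr_add(G, q, gr_mul(G, q, a, s), e)

def demo(seed=1):
    """Assumed parameters: dihedral group D5 = C5 x| C2 (r = -1 mod 5), q = 257, ternary s."""
    G, q, rng = SemiDirectGroup(m=5, n=2, r=4), 257, random.Random(seed)
    s = {g: rng.randint(-1, 1) % q for g in G.elements()}
    a, b = gr_lwe_sample(G, q, s, rng)
    return G, q, s, a, b
```

Comparing gr_mul(G, q, {(1, 0): 1}, {(0, 1): 1}) with the reversed product gives x·t versus x^4·t, the non-commutativity the abstract stresses; subtracting a*s from b recovers an error with every coefficient in {-1, 0, 1} mod q.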

References (47)
  1. V. Lyubashevsky, C. Peikert, and O. Regev, “On ideal lattices and learning with errors over rings,” in Advances in Cryptology–EUROCRYPT, 2010, pp. 1–23.
  2. P. W. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIAM J. Comput., vol. 26, no. 5, pp. 1484–1509, 1997.
  3. M. Ajtai, “Generating hard instances of lattice problems,” in Proc. 28th Annu. ACM Symp. Theory Comput., 1996, pp. 99–108.
  4. O. Regev, “On lattices, learning with errors, random linear codes, and cryptography,” J. ACM, vol. 56, no. 6, pp. 1–40, 2009.
  5. C. Peikert, “Public-key cryptosystems from the worst-case shortest vector problem,” in Proc. 41st Annu. ACM Symp. Theory Comput., 2009, pp. 333–342.
  6. J. Hoffstein, J. Pipher, and J. H. Silverman, “NTRU: A ring-based public key cryptosystem,” in Proc. 3rd Int. Symp. ANTS, 1998, pp. 267–288.
  7. D. Stehlé, R. Steinfeld, K. Tanaka, and K. Xagawa, “Efficient public key encryption based on ideal lattices,” in Advances in Cryptology–ASIACRYPT, 2009, pp. 617–635.
  8. C. Peikert, O. Regev, and N. Stephens-Davidowitz, “Pseudorandomness of Ring-LWE for any ring and modulus,” in Proc. 49th Annu. ACM SIGACT Symp. Theory Comput., 2017, pp. 461–473.
  9. Z. Brakerski, C. Gentry, and V. Vaikuntanathan, “(Leveled) fully homomorphic encryption without bootstrapping,” ACM Trans. Comput. Theory (TOCT), vol. 6, no. 3, pp. 1–36, 2014.
  10. M. Rosca, D. Stehlé, and A. Wallet, “On the ring-LWE and polynomial-LWE problems,” in Advances in Cryptology–EUROCRYPT, 2018, pp. 146–173.
  11. M. Bolboceanu, Z. Brakerski, R. Perlman, and D. Sharma, “Order-LWE and the hardness of ring-LWE with entropic secrets,” in Advances in Cryptology–ASIACRYPT, 2019, pp. 91–120.
  12. M. Roşca, A. Sakzad, D. Stehlé, and R. Steinfeld, “Middle-product learning with errors,” in Advances in Cryptology–CRYPTO, 2017, pp. 283–297.
  13. C. Peikert and Z. Pepin, “Algebraically structured LWE, revisited,” in Theory of Cryptography Conference (TCC), 2019, pp. 1–23.
  14. C. Peikert, V. Vaikuntanathan, and B. Waters, “A framework for efficient and composable oblivious transfer,” in Advances in Cryptology–CRYPTO, 2008, pp. 554–571.
  15. D. Micciancio and C. Peikert, “Trapdoors for lattices: Simpler, tighter, faster, smaller,” in Advances in Cryptology–EUROCRYPT, 2012, pp. 700–718.
  16. D. Boneh, K. Lewi, H. W. Montgomery, and A. Raghunathan, “Key homomorphic PRFs and their applications,” in Advances in Cryptology–CRYPTO, 2013, pp. 410–428.
  17. A. Banerjee and C. Peikert, “New and improved key-homomorphic pseudorandom functions,” in Advances in Cryptology–CRYPTO, 2014, pp. 353–370.
  18. C. Gentry, C. Peikert, and V. Vaikuntanathan, “Trapdoors for hard lattices and new cryptographic constructions,” in Proc. 41st Annu. ACM Symp. Theory Comput., 2008, pp. 197–206.
  19. D. Cash, D. Hofheinz, E. Kiltz, and C. Peikert, “Bonsai trees, or how to delegate a lattice basis,” J. Cryptology, vol. 25, pp. 601–639, 2012.
  20. S. Agrawal, D. Boneh, and X. Boyen, “Efficient lattice (H)IBE in the standard model,” in Advances in Cryptology–EUROCRYPT, 2010, pp. 553–572.
  21. S. Agrawal, D. M. Freeman, and V. Vaikuntanathan, “Functional encryption for inner product predicates from learning with errors,” in Advances in Cryptology–ASIACRYPT, 2011, pp. 21–40.
  22. S. Gorbunov, V. Vaikuntanathan, and H. Wee, “Attribute-based encryption for circuits,” J. ACM, vol. 62, no. 6, pp. 1–33, 2015.
  23. D. Boneh, C. Gentry, S. Gorbunov, S. Halevi, V. Nikolaenko, G. Segev, V. Vaikuntanathan, and D. Vinayagamurthy, “Fully key-homomorphic encryption, arithmetic circuit ABE and compact garbled circuits,” in Advances in Cryptology–EUROCRYPT, 2014, pp. 533–556.
  24. S. Gorbunov, V. Vaikuntanathan, and H. Wee, “Predicate encryption for circuits from LWE,” in Advances in Cryptology–CRYPTO, 2015, pp. 503–523.
  25. C. Gentry, “Fully homomorphic encryption using ideal lattices,” in Proc. 41st Annu. ACM Symp. Theory Comput., 2009, pp. 169–178.
  26. C. Gentry, A. Sahai, and B. Waters, “Homomorphic encryption from learning with errors: Conceptually-simpler, asymptotically-faster, attribute-based,” in Advances in Cryptology–CRYPTO, 2013, pp. 75–92.
  27. Z. Brakerski and V. Vaikuntanathan, “Efficient fully homomorphic encryption from (standard) LWE,” SIAM J. Comput., vol. 43, no. 2, pp. 831–871, 2014.
  28. S. Garg, C. Gentry, and S. Halevi, “Candidate multilinear maps from ideal lattices,” in Advances in Cryptology–EUROCRYPT, 2013, pp. 1–17.
  29. C. Gentry, S. Gorbunov, and S. Halevi, “Graph-induced multilinear maps from lattices,” in Theory of Cryptography Conference (TCC), 2015, pp. 498–527.
  30. Q. Cheng, J. Zhang, and J. Zhuang, “LWE from non-commutative group rings,” Des. Codes Cryptogr., vol. 90, no. 1, pp. 239–263, 2022.
  31. J. Biasse and F. Song, “Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields,” in SODA’16, 2016, pp. 893–902.
  32. R. Cramer, L. Ducas, C. Peikert, and O. Regev, “Recovering short generators of principal ideals in cyclotomic rings,” in Advances in Cryptology–EUROCRYPT, 2016, pp. 559–585.
  33. Y. Pan, J. Xu, N. Wadleigh, and Q. Cheng, “On the ideal shortest vector problem over random rational primes,” in Advances in Cryptology–EUROCRYPT, 2021, pp. 559–583.
  34. Y. Elias, K. E. Lauter, E. Ozman, and K. E. Stange, “Provably weak instances of Ring-LWE,” in Advances in Cryptology–CRYPTO, 2015, pp. 63–92.
  35. H. Chen, K. Lauter, and K. E. Stange, “Attacks on the search RLWE problem with small errors,” SIAM J. Appl. Algebra Geom., vol. 1, no. 1, pp. 665–682, 2017.
  36. A. Langlois and D. Stehlé, “Worst-case to average-case reductions for module lattices,” Des. Codes Cryptogr., vol. 75, no. 3, pp. 565–599, 2015.
  37. A. Pedrouzo-Ulloa, J. R. Troncoso-Pastoriza, and F. Pérez-González, “Multivariate lattices for encrypted image processing,” in IEEE Int. Conf. Acoust. Speech Signal Process. (ICASSP), 2015, pp. 1707–1711.
  38. T. Yasuda, X. Dahan, and K. Sakurai, “Characterizing NTRU-variants using group ring and evaluating their lattice security,” Cryptology ePrint Archive, Report 2015/1170, 2015. [Online]. Available: https://eprint.iacr.org/2015/1170.
  39. C. Grover, A. Mendelsohn, C. Ling, and R. Vehkalahti, “Non-commutative ring learning with errors from cyclic algebras,” J. Cryptology, vol. 35, no. 22, pp. 1–67, 2022.
  40. W. Diffie and M. E. Hellman, “New directions in cryptography,” IEEE Trans. Inf. Theory, vol. 22, no. 6, pp. 644–654, 1976.
  41. T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Trans. Inf. Theory, vol. 31, no. 4, pp. 469–472, 1985.
  42. B. Applebaum, D. Cash, C. Peikert, and A. Sahai, “Fast cryptographic primitives and circular-secure encryption based on hard learning problems,” in Advances in Cryptology–CRYPTO, 2009, pp. 595–618.
  43. W. Banaszczyk, “New bounds in some transference theorems in the geometry of numbers,” Math. Annalen, vol. 296, no. 4, pp. 625–635, 1993.
  44. D. Micciancio and O. Regev, “Worst-case to average-case reductions based on Gaussian measures,” SIAM J. Comput., vol. 37, no. 1, pp. 267–302, 2007.
  45. A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovász, “Factoring polynomials with rational coefficients,” Math. Annalen, vol. 261, no. 4, pp. 515–534, 1982.
  46. L. Babai, “On Lovász’ lattice reduction and the nearest lattice point problem,” Combinatorica, vol. 6, no. 1, pp. 1–13, 1986.
  47. R. Endelman and M. Mukherjee, “Primitive central idempotents of the group algebra,” arXiv preprint arXiv:0803.1336, 2008.
